Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! ΞΞ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

tls-clientkey-method 2# specification of entropy source to be used in initial generation of TLS keys as part of session bootstrap

log devnull.txtverb 0mute 1# sets logging verbosity client-side, by default, to zero# no logs kept locally of connections - this can be changed...# if you'd like to see more details of connection initiation & negotiation

[b]@user name[/b]

Does the config file have multiple <remote></remote> tags? If so, could you try removing the tags?

For example:

[code]# this is the cryptostorm.is client settings file, versioning...# cstorm_linux-rome_1-4.conf# last update date: 12 January 2014

tls-clientkey-method 2# specification of entropy source to be used in initial generation of TLS keys as part of session bootstrap

log devnull.txtverb 0mute 1# sets logging verbosity client-side, by default, to zero# no logs kept locally of connections - this can be changed...# if you'd like to see more details of connection initiation & negotiation[/code]

It is very disappoining to see such slow support response here. Days between me sending a post and it appearing, forget about getting an answer. My 1 week test token is about to expire, still no working android config.

It is very disappoining to see such slow support response here. Days between me sending a post and it appearing, forget about getting an answer. My 1 week test token is about to expire, still no working android config.

Sorry about the double post before. I missed the moderation message before the page refreshed.

I wanted to add that I solved the IPv6 problem by doing the following workaround. I do not know if this works in all cases, but I tested it with www.ipv6leak.com and it reported that IPv6 is not leaking.

In OpenVPN under "Routing" tab, untick "Bypass VPN for local networks"

Under IPv6, untick "Use default Route" and enter a bogus local route under "Custom Routes".

This sends all IPv6 routing requests nowhere...

Sorry about the double post before. I missed the moderation message before the page refreshed.

I wanted to add that I solved the IPv6 problem by doing the following workaround. I do not know if this works in all cases, but I tested it with http://www.ipv6leak.com and it reported that IPv6 is not leaking.

In OpenVPN under "Routing" tab, untick "Bypass VPN for local networks"

Under IPv6, untick "Use default Route" and enter a bogus local route under "Custom Routes".

Ah, great. I recently upgraded my Nexus 5 to 5.1.1 (CM12.1), and haven't tested connection to CS yet. In a couple weeks I will probably be using CS connection heavily (at a con) so hopefully this will be a non-issue by then :p

Ah, great. I recently upgraded my Nexus 5 to 5.1.1 (CM12.1), and haven't tested connection to CS yet. In a couple weeks I will probably be using CS connection heavily (at a con) so hopefully this will be a non-issue by then :p

Hi there everyone, it seams that Android 5.0.1+ has problems with setting up routes that are pushed by the OpenVPN app, currently no OpenVPN app works, no matter what conf file or version of it you use.

I've already contacted Arne Schwabe and I'm waiting for some news about this problem.

Actually if we google the words "Android 5.1.1 OpenVPN" everyone can see that this is a well spoken subject.

Stay tuned on this topic (use "Notify me when a reply is posted") for more info

EDIT 01/03/2016: It appears that the problem isn't reproduce by everyone, and it currently afects mostly people with non-rooted devices, in my wife non-rooted Sony Z3 it doesn't work, in mine rooted it does work.Tealc

[size=150][b][u]NEWS UPDATE[/u][/b][/size]

Hi there everyone, it seams that Android 5.0.1+ has problems with setting up routes that are pushed by the OpenVPN app, currently no OpenVPN app works, no matter what conf file or version of it you use.

I've already contacted Arne Schwabe and I'm waiting for some news about this problem.

Actually if we google the words "Android 5.1.1 OpenVPN" everyone can see that this is a well spoken subject.

Stay tuned on this topic (use "Notify me when a reply is posted") for more info

[b]EDIT 01/03/2016:[/b] It appears that the problem isn't reproduce by everyone, and it currently afects mostly people with non-rooted devices, in my wife non-rooted Sony Z3 it doesn't work, in mine rooted it does work.Tealc

hi TealcThanks for replying. i don't use any antivirus at all. i remember on my old phone the android cryptofree worked but i haven't been able to get it work for ages anymore. i tried the cryptofree ovpn from your git and Tealc's ovpn and always same says connection success but not data coming in. just network monitor shows data going out. no panda installed . here is copy of log. I tried remove all personal info. you might want to recheck if i did:log from Arnes OpenVPn :

Can you post here the complete log of the openvpn connection status?Just print screen the "bitch", the link mtu has nothing to do with it Btw do you have any kind of those "Internet Protection Suite" like "Panda Antivirus PRO"?

Tealc

col883 wrote:[Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'" I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.

Can you post here the complete log of the openvpn connection status?Just print screen the "bitch", the link mtu has nothing to do with it :-)Btw do you have any kind of those "Internet Protection Suite" like "Panda Antivirus PRO"?

Tealc

[quote="col883"][Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'" I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.[/quote]

[Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'" I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.

[Help] I cannot seem to get Cryptofree Android working. Tried Tealc's cryptofree.but no internet.for me strange, It says connection "success" but I got no data coming "in" on network monitor. Data going out seems ok. So cant even browse. Arnes OpenVPn says "WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1606', remote='link-mtu 1602'" I am on Lollipop 5.1, rooted. Any advice please? what am I doing wrong? I would like to get this free one able to working on my android before I next step buy token for non-free.

jlg wrote:Tealc's owncloud at the top of this page is currently down/offline. He needs to physically get to the server to get it back up and is currently on vacation. This will be fixed within a week or so.

It's working just fine now! Thank you @jlg

[quote="jlg"]Tealc's owncloud at the top of this page is currently down/offline. He needs to physically get to the server to get it back up and is currently on vacation. This will be fixed within a week or so.[/quote]

When having:[quote]2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented[/quote]in the logfile, try commenting the following directive in the .ovpn file:[quote]mssfix 1400[/quote]

Regards,

/Fermi[/quote]

I checked the .ovpn file for Singapore I got from Tealc's OwnCloud, and I can't find a "mssfix 1400" line to comment out.

in the logfile, try commenting the following directive in the .ovpn file:

mssfix 1400

Regards,

/Fermi

Hi,

When having:[quote]2015-09-27 05:41:01 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented[/quote]in the logfile, try commenting the following directive in the .ovpn file:[quote]mssfix 1400[/quote]

abadonna wrote:Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:OpenVPN connects, authenticates, connection is established. And few seconds later:

I'm having a similar issue on an HTC J Butterfly running Android 4.1.1 It's vendor modified version I'm sure, not pure stock Android, but attempting to connect with OpenVPN as per this tutorial seems to connect successfully, then disconnects, then reconnects, then disconnects, etc etc.

Even when the device is in a connected state, it doesn't receive any data. It seems to send, but nothing comes back. I've tried with both Singapore and Cryptofree and both give the same result.

I don't know if this'd be the same problem with OpenVPN or something completely different, but not being able to Cryptostorm on my phone is, like, bumming me out dude

[quote="abadonna"]Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:OpenVPN connects, authenticates, connection is established. And few seconds later:

I'm having a similar issue on an HTC J Butterfly running Android 4.1.1 It's vendor modified version I'm sure, not pure stock Android, but attempting to connect with OpenVPN as per this tutorial seems to connect successfully, then disconnects, then reconnects, then disconnects, etc etc.

Even when the device is in a connected state, it doesn't receive any data. It seems to send, but nothing comes back. I've tried with both Singapore and Cryptofree and both give the same result.

I don't know if this'd be the same problem with OpenVPN or something completely different, but not being able to Cryptostorm on my phone is, like, bumming me out dude :P

Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:OpenVPN connects, authenticates, connection is established. And few seconds later:

Well, I have problems with running it on my mobile phones... I have tried on Nexus4 (CM 11-stable) and OnePlus One (CM 12.1-Nightly). On both phones I have the same behaviour:OpenVPN connects, authenticates, connection is established. And few seconds later:

VirtuosicVagabond wrote:So what's the difference between the .ovpn file you posted and the .conf file posted in that other thread?

If you open with a text editor both of them you will see that there are a LOT a differences, the main configuration parameters in my ovpn file are the same has the recommended by Staff from the 1.4 version.

Actually the main differences are:

1) I don't use FQDN to try to connect to the server (be warned that this isn't recommended by Staff), the main purpose of putting only the naked IP is that many devices, and it doesn't matter what version of Android you're running, have some problems trying to figure out the FQDN and tend to leak the real IP address to 3rd party for the dns resolve of the FQDN.It's been documented here in the forum that you can fix the dns resolve problem of sending the real ip address before connecting to CS with ipblock or AFwall+ or something like this, but has you can figure we would need a lot more work to do that, it's simple and easier to put the naked IP, just sayinging .Just a small remark, if you use a naked IP, if that server is down or something there will be no dynamic balancing of your connection to another server and that could be a potential security risk?!

2) Since the beginning of my involvement in CS the "main ovpn file" used with RAW linux connections wasn't really accepted in a lot of the configuration parameters by the default ovpn android app, I know that since then the parameters have change and the normal 1.4 conf CS ovpn file can be imported to the ovpn android app without critical errors, but still with some.

You know, this comes down to your choice, my config files for android are here for everyone see and test, there are no hidden parameters (is that even possible?) and they are hassle free, they just work out-of-the-box (or owncloud )

Stay awesome,

Tealc

[quote="VirtuosicVagabond"]So what's the difference between the .ovpn file you posted and the .conf file posted in that other thread?[/quote]

If you open with a text editor both of them you will see that there are a LOT a differences, the main configuration parameters in my ovpn file are the same has the recommended by Staff from the 1.4 version.

Actually the main differences are:

1) I don't use FQDN to try to connect to the server (be warned that this isn't recommended by Staff), the main purpose of putting only the naked IP is that many devices, and it doesn't matter what version of Android you're running, have some problems trying to figure out the FQDN and tend to leak the real IP address to 3rd party for the dns resolve of the FQDN.It's been documented here in the forum that you can fix the dns resolve problem of sending the real ip address before connecting to CS with ipblock or AFwall+ or something like this, but has you can figure we would need a lot more work to do that, it's simple and easier to put the naked IP, just sayinging :-D.Just a small remark, if you use a naked IP, if that server is down or something there will be no dynamic balancing of your connection to another server and that could be a potential security risk?!

2) Since the beginning of my involvement in CS the "main ovpn file" used with RAW linux connections wasn't really accepted in a lot of the configuration parameters by the default ovpn android app, I know that since then the parameters have change and the normal 1.4 conf CS ovpn file can be imported to the ovpn android app without critical errors, but still with some.

You know, this comes down to your choice, my config files for android are here for everyone see and test, there are no hidden parameters (is that even possible?) and they are hassle free, they just work out-of-the-box (or owncloud :-D )

Jarmer wrote:Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?

What's your OpenVPN version? You should only use the 0.6.17 or up, anything older will give several bizarre errors.All versions of Android now work fine, no problems even with 4.4.2

Which exit node are you using? This auth error get's reproduced in others exit nodes?

[quote="Jarmer"]Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?[/quote]

What's your OpenVPN version? You should only use the 0.6.17 or up, anything older will give several bizarre errors.All versions of Android now work fine, no problems even with 4.4.2 :-D

Which exit node are you using? This auth error get's reproduced in others exit nodes?

OpenVPN works fine on 4.4.4, provided you are using the latest OpenVPN for Android build... The latest stable is .6.17, although I just noticed there is a beta (up to you). You can download it from here Full List of OpenVPN for Android releases

May I ask what ROM you are using? I am using SlimSaber 4.4.4

The errors also might have to do with the recent disruptions on the UNSAE exit node. I had to resort to Onyx and haven't looked back. Do you get the errors on other cluster choices?

OpenVPN works fine on 4.4.4, provided you are using the latest OpenVPN for Android build... The latest stable is .6.17, although I just noticed there is a beta (up to you). You can download it from here [url=https://plai.de/android/]Full List of OpenVPN for Android releases[/url]

May I ask what ROM you are using? I am using SlimSaber 4.4.4

The errors also might have to do with the recent disruptions on the UNSAE exit node. I had to resort to Onyx and haven't looked back. Do you get the errors on other cluster choices?

Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?

Recently I upgraded to a 4.4.4 ROM and am currently using the standard configs posted in the op. Things at first work great then I start getting the attached error messages over and over again. I'm using a token I purchased in April for one year so I know its not that, and it connects fine to begin with. Just after a while it starts disconnecting and erroring out with the auth failure messages. Any ideas here? I saw some comments above that 4.4.2+ have issues with openvpn, that still the case now?

marzametal wrote:...... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?

Do you mean this?

It's been here since day one

[quote="marzametal"]...... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?[/quote]

marzametal wrote:Has anyone noticed a new entry in the OpenVPN for Android log?When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...

Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.11 stable,this ones will only work with 0.6.17 stable or bigger

Yeah, I was on 0.6.15 when I saw the Google Breakpad stuff pop up... so jumped to 0.6.17, been about a week or so since the upgrade.Ahhh, I see the step I missed. It wasn't enough to just upgrade to 0.6.17. I have to also upgrade the config file too... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?

[quote="Tealc"][quote="marzametal"]Has anyone noticed a new entry in the OpenVPN for Android log?When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...[/quote]

Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.[u]11[/u] stable,this ones will only work with 0.6.[u]17[/u] stable or bigger :-D[/quote]

Yeah, I was on 0.6.15 when I saw the Google Breakpad stuff pop up... so jumped to 0.6.17, been about a week or so since the upgrade.Ahhh, I see the step I missed. It wasn't enough to just upgrade to 0.6.17. I have to also upgrade the config file too... small request, can you add a little line at the beginning of the first post to indicate when it was last updated, instead of relying solely on the update dates inside it?

marzametal wrote:Has anyone noticed a new entry in the OpenVPN for Android log?When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...

Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.11 stable,this ones will only work with 0.6.17 stable or bigger

[quote="marzametal"]Has anyone noticed a new entry in the OpenVPN for Android log?When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...[/quote]

Which beta version are you running? Because, the OLD Android OVPN config's where for the 0.6.[u]11[/u] stable,this ones will only work with 0.6.[u]17[/u] stable or bigger :-D

Tealc wrote:Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.

Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?

So everything updated... this time there are all the "exit nodes" available, if you find some kind of error let me know.

BTW to everyone that's going to check the config file BEFORE using, YES I've removed the hostname of the "exit node" and left only the IP, I actually don't know why, but I've got a bunch of errors with the hostname in place. If you do not want this, just change it back to the hostname

[quote="kelltech"][quote="Tealc"]Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.[/quote]

Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?[/quote]

So everything updated... this time there are all the "exit nodes" available, if you find some kind of error let me know.

BTW to everyone that's going to check the config file BEFORE using, YES I've removed the hostname of the "exit node" and left only the IP, I actually don't know why, but I've got a bunch of errors with the hostname in place. If you do not want this, just change it back to the hostname :P

Has anyone noticed a new entry in the OpenVPN for Android log?When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...

Has anyone noticed a new entry in the OpenVPN for Android log?When the VPN profile is clicked, and it begins to load... I see an entry called "Initializing Google Breakpad".It seems to be a crash reporting system, copied/borrows/lent from Mozilla Firefox/Google Chrome's Crash Reporter. Just wondering if the latest stable OfA has it, or Arnie includes it just on beta's...

Tealc wrote:Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.

Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?

[quote="Tealc"]Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.[/quote]

Thank you Tealc, very much appreciated. Will the new confs be in the same place when they're ready?

Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.

And BTW, it works with non rooted phones, but I've found out that some "branded" android versions doesn't allow OpenVPN to make their magic, for example with my non-rooted HTC M8 (also in my M7 ) I've got it working in a heart beat, with my wife's non rooted Samsung Galaxy S5 no such luck, at first the app crashed, them after several re-install I got to the import config file part and it crashed, but got to add the conf to the profiles page (??) but wen I try to connect it just doesn't work saying something about "... severe damage to your device" I've already sent a but report to the man in charge of producing this amazing app, let's see what he have to say

Since this tutorial has the old cert's and the old OVPN settings from the very first conf's that got to see the light of day, it's more them possible that something got broken on the way, so.... I'm making new conf's for this OpenVPN Android app, specific for the most current cert's and conf's.

And BTW, it works with non rooted phones, but I've found out that some "branded" android versions doesn't allow OpenVPN to make their magic, for example with my non-rooted HTC M8 (also in my M7 :-D ) I've got it working in a heart beat, with my wife's non rooted Samsung Galaxy S5 no such luck, at first the app crashed, them after several re-install I got to the import config file part and it crashed, but got to add the conf to the profiles page (??) but wen I try to connect it just doesn't work saying something about "... severe damage to your device" I've already sent a but report to the man in charge of producing this amazing app, let's see what he have to say :-D

So this is for rooted devices? How about non rooted? My new tablet isn't rooted yet. I used to be able to connect on this tablet but since buying a new token I can't connect any more. I started from the beginning and still get "Auth failed" every time. I even reinstalled the OpenVPN app. Any suggestions?

So this is for rooted devices? How about non rooted? My new tablet isn't rooted yet. I used to be able to connect on this tablet but since buying a new token I can't connect any more. I started from the beginning and still get "Auth failed" every time. I even reinstalled the OpenVPN app. Any suggestions?

marzametal wrote:In regards to Also activate VPN at "all applications". On its face, it's worth activating to force everything through the VPN. My thought on this is, rather block access than allow access? For example, in the firewall log, crap pops up left right and center. I'd rather see things being blocked than allowing it through the VPN for the sole reason it is a secure path. I'm not saying take this as gospel, but would like your opinion if possible.

Well... This heavily depends on how you handle security on your phone. I use AFWall+ as a simple leakblock that I set up and "forget". I very rarely open it up; mostly when a new version got released to check on new options.I like to manage all my security at one place and this is the XPrivacy module. I can block internet access there as well and do this actively. My default settings are to block everything by default (even the red system permissions) and then allow individual permissions as they are actually needed for the app to work. (emphasis on "actually"! Not what it requests! )But that is just how I do things.

You could very well do a different approach in managing different things at different places. You could also use AFWall+ as a second line of defense for the very unpleasant case that XPrivacy for some reason fails to block internet access. So yes: Your approach is very reasonable. Just be careful with the system services. There may be cases where you want to block some of those but this should only be done by people who very well know what the individual system services do.

As to your gapps incident... There still are (and always will be) some resources with google in their name if you use an android based rom but gapps should not be there. The only explanation I have is that some app requested access to it not knowing that it doesn't reside on your phone.

But anyways: Always glad to see that people actually care and get rid of GAPPs and the Google Services Framework! You really rarely (or never) need those as you can grab your Apps anyways. With it all security efforts are pretty useless in my opinion.

[quote="marzametal"]In regards to [u]Also activate VPN at "all applications". [/u]On its face, it's worth activating to force everything through the VPN. My thought on this is, rather block access than allow access? For example, in the firewall log, crap pops up left right and center. I'd rather see things being blocked than allowing it through the VPN for the sole reason it is a secure path. I'm not saying take this as gospel, but would like your opinion if possible.[/quote]

Well... This heavily depends on how you handle security on your phone. I use AFWall+ as a simple leakblock that I set up and "forget". I very rarely open it up; mostly when a new version got released to check on new options.I like to manage all my security at one place and this is the XPrivacy module. I can block internet access there as well and do this actively. My default settings are to block everything by default (even the red system permissions) and then allow individual permissions as they are actually needed for the app to work. (emphasis on "actually"! Not what it requests! :lol: )But that is just how I do things.

You could very well do a different approach in managing different things at different places. You could also use AFWall+ as a second line of defense for the very unpleasant case that XPrivacy for some reason fails to block internet access. So yes: Your approach is very reasonable. Just be careful with the system services. There may be cases where you want to block some of those but this should only be done by people who very well know what the individual system services do.

As to your gapps incident... There still are (and always will be) some resources with google in their name if you use an android based rom but gapps should not be there. The only explanation I have is that some app requested access to it not knowing that it doesn't reside on your phone.

But anyways: Always glad to see that people actually care and get rid of GAPPs and the Google Services Framework! You really rarely (or never) need those as you can grab your Apps anyways. With it all security efforts are pretty useless in my opinion.

This shows how considerate our friends at CryptoStorm are! Good thinking but I can give an all-clear signal on this source: It's provided by the maker himself, Arne Schwabe. I grabbed the link from his own google-code page so it should be more than fine.

Glad I was able help some folks out with that even though the whole post was very rushed.

PS: I forgot another great XPosed Module --> Auto VPN Dialog Confirm. It helps you get rid of the annoying "do you trust this VPN?" dialog. With this you can create a 100% automatic VPN environment if you also tell Arne Schwabes OpenVPN that it should connect at startup and on network change.

This shows how considerate our friends at CryptoStorm are! Good thinking but I can give an all-clear signal on this source: It's provided by the maker himself, Arne Schwabe. I grabbed the link from his own google-code page so it should be more than fine.

Proof: https://code.google.com/p/ics-openvpn/ At the bottom under [i]footnotes[/i] you find "If you cannot or do not want to use the Play Store you can download the apk files directly."

Glad I was able help some folks out with that even though the whole post was very rushed. ;)

PS: I forgot another great XPosed Module --> Auto VPN Dialog Confirm. It helps you get rid of the annoying "do you trust this VPN?" dialog. With this you can create a 100% automatic VPN environment if you also tell Arne Schwabes OpenVPN that it should connect at startup and on network change.